How big of a role does Cyber Insurance play in your cybersecurity strategy?
My personal view of insurance in general is that one typically overpays for something that they hope they never have to use, and if they do, it never covers what one expects it to. Having said that, you should check out how Tower Street is approaching measuring risk and applying that to Cyber Insurance.
We have it for our own company and we also require our partners/vendors to have cyber insurance of a certain amount in order to do business with us.
At Versartis, after a careful risk analysis we decided to not pursue cyber insurance. However, if your company handles customer data and even employee data (depending on how it is stored), cyber insurance is useful. The cyber insurance vendors are getting smarter and now require that you have specific incident response vendors as well as strong security controls before granting you insurance. This makes the executives aware of the company's security programs and maybe helps add to your security budget. Now with GDPR, things are getting real. Your company can face serious fines for data breaches. If you don't have cyber coverage then your company would be fully responsible for all costs including fines, loss of business, notifications to customers, forensic investigations, etc.
It can help, but think of it like earthquake insurance - it is not going to:
- prevent your house from being destroyed
- come anywhere close to covering your losses
- replace your prized possessions

but it will cost some money. I feel that cyber insurance is really most effective at helping you understand the market cost of your cyber risk, and how that is trending. Moreover, for a business with moderate to significant digital assets, I think it is a must have. However, it most definitely is not the solution to minimizing your risks. Nor is it something that provides anything close to any kind of prevention.